msm: camera: Fix out-of-bounds read in string class name.

jpeg driver is calling class_create with stack variable, which
can be overwritten by other stack variables.

Bug: 114041685
Change-Id: I3c22a5b3375b970ff6b1c6de983dd5833f4e11d0
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
Signed-off-by: VijayaKumar T M <vtmuni@codeaurora.org>

drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_dev.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -32,6 +32,8 @@
 #define MSM_JPEG_NAME "jpeg"
 #define DEV_NAME_LEN 10
 
+static char devname[DEV_NAME_LEN];
+
 static int msm_jpeg_open(struct inode *inode, struct file *filp)
 {
 	int rc = 0;
@@ -185,7 +187,6 @@ static int msm_jpeg_init_dev(struct platform_device *pdev)
 	struct msm_jpeg_device *msm_jpeg_device_p;
 	const struct of_device_id *device_id;
 	const struct msm_jpeg_priv_data *priv_data;
-	char devname[DEV_NAME_LEN];
 
 	msm_jpeg_device_p = kzalloc(sizeof(struct msm_jpeg_device), GFP_ATOMIC);
 	if (!msm_jpeg_device_p) {
@@ -328,6 +329,7 @@ static struct platform_driver msm_jpeg_driver = {
 static int __init msm_jpeg_driver_init(void)
 {
 	int rc;
+
 	rc = platform_driver_register(&msm_jpeg_driver);
 	return rc;
 }